OpenVPN on pfSense problems

From: David White 
------------------------------------------------------
So I sent the following email to the pfSense list a few minutes ago, but I
also thought I'd post the question here... I'm having trouble getting
OpenVPN working on pfSense (I think I'm cursed with OpenVPN - I've never
had a successful deployment of it, either stand-alone on CentOS or in
pfSense!)

I'm not sure if the problem is on the server or on the client. I tend to
think that the problem is on the client's side.

Here's the email I sent:

I'm having trouble connecting my Windows 7 OpenVPN client to the pfSense
2.1.4 server. I have tried two different types of ciphers (BF-CBC and
AES-256-CBC).

This is a fresh 2.1.4 install with the server's settings generated using
the Wizard. I'm including my local config file. As you can see, I'm trying
to connect via username / password and not via SSL certificate.

dev tun
persist-tun
cipher BF-CBC
auth SHA1
tls-client
client
resolv-retry infinite
remote 204.93.122.117 1194 udp
lport 0
auth-user-pass
ca C:\nnh-vpn.crt
comp-lzo

It seems that the client is hitting the server, but for some reason, my
client isn't successfully connecting. Here's the last 50 entries in the
OpenVPN server's log (see end of this email).

I'm having trouble tracking down the log files on the client machine, so
perhaps this email should go to OpenVPN folks and not pfSense. But I'm
wondering if anyone on this list has any suggestions.

Thanks,
David

Jun 30 23:29:19 openvpn[98461]: /sbin/ifconfig ovpns1 10.1.5.1 10.1.5.2 mtu 1500 netmask 255.255.255.255 up
Jun 30 23:29:19 openvpn[98461]: /usr/local/sbin/ovpn-linkup ovpns1 1500 1558 10.1.5.1 10.1.5.2 init
Jun 30 23:29:19 openvpn[99566]: UDPv4 link local (bound): [AF

===============================================================
From: Dave Brockman
------------------------------------------------------
Maybe if you tried a more "standard" configuration, you would have better
luck? I'm not even going to ask why. Use certificates. You can use X-AUTH
to require a username and password pair above and beyond the certificate.
And you really should generate a different certificate for each user.

Do you have the OpenVPN Client Export Package installed in pfSense? If not,
install that, then download the Win package for your user and uninstall any
existing versions of OpenVPN client before installing the export package.

Regards,

dtb

--
"Some things in life can never be fully appreciated nor understood unless
experienced firsthand. Some things in networking can never be fully
understood by someone who neither builds commercial networking equipment
nor runs an operational network." RFC 1925
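
Added example, not part of the thread: a small Python check that classifies how an OpenVPN client config authenticates, run on the config posted above and on a constructed config that follows the advice to use a per-user certificate plus a username and password. The host name vpn.example.org and the file names ca.crt, alice.crt and alice.key are hypothetical; cert, key, pkcs12 and auth-user-pass are standard OpenVPN directives.

```python
# Client config as posted in the thread: password only (ca only verifies the server).
POSTED = r"""
dev tun
persist-tun
cipher BF-CBC
auth SHA1
tls-client
client
resolv-retry infinite
remote 204.93.122.117 1194 udp
lport 0
auth-user-pass
ca C:\nnh-vpn.crt
comp-lzo
"""

# Constructed config following the reply; host and file names are hypothetical.
SUGGESTED = """
client
remote vpn.example.org 1194 udp
ca ca.crt
cert alice.crt
key alice.key
auth-user-pass
"""

def directives(text):
    """Directive names in a config, counting inline <name>...</name> blocks."""
    names, inline = set(), None
    for line in map(str.strip, text.splitlines()):
        if inline:  # inside an inline block: skip its PEM body
            if line == f"</{inline}>":
                inline = None
        elif line.startswith("<") and line.endswith(">"):
            names.add(inline := line[1:-1])
        elif line and line[0] not in "#;":  # '#' and ';' start comment lines
            names.add(line.split()[0])
    return names

def auth_mode(text):
    d = directives(text)
    has_cert = "pkcs12" in d or {"cert", "key"} <= d
    has_password = "auth-user-pass" in d
    if has_cert:
        return "certificate+password" if has_password else "certificate-only"
    return "password-only" if has_password else "none"

if __name__ == "__main__":
    print("posted:", auth_mode(POSTED), "| suggested:", auth_mode(SUGGESTED))
```

The check only looks at which directives are present; it does not confirm that each user's certificate is different, which still has to be verified on the server side.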

===============================================================
From: David White
------------------------------------------------------
Heh. Point taken. Thanks.

I tried doing the OpenVPN Client Export Utility, but whenever I tried to
install the package, I kept running into issues - it kept failing. I ended
up having to go into the shell and manually delete an OpenVPN package and
install it again.

Now it's working, and I've tested the VPN and it's working.